QNAP Video Station
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in QNAP Video Station.
By the Year
In 2026 there have been 0 vulnerabilities in QNAP Video Station. Last year, in 2025 Video Station had 1 security vulnerability published. Right now, Video Station is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 4 | 8.80 |
| 2023 | 3 | 7.33 |
| 2022 | 2 | 9.80 |
It may take a day or so for new Video Station vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent QNAP Video Station Security Vulnerabilities
SQLi in Synology Video Station before 5.8.4
CVE-2024-56804
- October 03, 2025
An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later
SQL Injection
Video Station Auth SQLi (DB Query) Fixed v5.8.1
CVE-2023-50360
8.8 - High
- September 06, 2024
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.1 ( 2024/02/26 ) and later
SQL Injection
Video Station 5.8.1 OS Command Injection (Authenticated) CVE-2023-47563
CVE-2023-47563
8.8 - High
- September 06, 2024
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later
Shell injection
OS Command Injection in Video Station <5.7.2 (Synology)
CVE-2023-41288
8.8 - High
- January 05, 2024
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later
Shell injection
SQLi in Synology Video Station <5.7.2 patch 5.7.2
CVE-2023-41287
8.8 - High
- January 05, 2024
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later
SQL Injection
Video Station XSS via Network Input Pre-5.7.0
CVE-2023-34977
5.4 - Medium
- October 13, 2023
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later
XSS
Video Station SQLi before 5.7.0 Allow Authenticated Users
CVE-2023-34976
10 - Critical
- October 13, 2023
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later
SQL Injection
OS Command Injection in QNAP QTS/QuTShero <4.5.4.2627/2626
CVE-2023-34975
6.6 - Medium
- October 13, 2023
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later
Shell injection
An improper authentication vulnerability has been reported to affect QNAP device running Video Station
CVE-2021-44056
9.8 - Critical
- May 05, 2022
An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later
authentification
An missing authorization vulnerability has been reported to affect QNAP device running Video Station
CVE-2021-44055
9.8 - Critical
- May 05, 2022
An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later
AuthZ
QNAP has already patched this vulnerability
CVE-2017-13071
- November 22, 2017
QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for QNAP Video Station or by QNAP? Click the Watch button to subscribe.
